

## CLAIMS

1. A semiconductor integrated circuit arranged to execute application code received from a memory via external connections, comprising:
  - a processor for executing application code from the memory;
  - an internal bus within the integrated circuit for providing the application code to the processor from the external connections;
  - a verifier processor arranged to receive the application code via the internal bus, wherein the verifier processor is arranged to continually process the application code using a verification function whilst the processor executes from the memory and to impair the function of the integrated circuit in the event that the application code does not satisfy the verification function, and
  - an instruction monitor arranged to monitor code requests issued by the processor and to impair the function of the circuit unless the address of the code falls within a given range.
2. A semiconductor integrated circuit according to claim 1 wherein the given range is predefined and stored in an internal memory.
3. A semiconductor integrated circuit according to claim 1 wherein the given range is derived by the verifier processor during a first check of the memory.
4. A semiconductor integrated circuit according to claim 3 wherein the code in memory is in the form of a linked list and the given range comprises a table of linked list addresses.
5. A semiconductor integrated circuit according to claim 3 wherein the verifier processor is arranged to impair the function of the integrated circuit if the

verification function is not completed for one complete cycle of the linked list within a predetermined time.

6. A semiconductor integrated circuit according to claim 1 wherein the verifier processor is arranged to receive pause and stop requests and is configured so that any pause and stop request is ineffective during a first check of the code.

7. A semiconductor integrated circuit according to claim 1 wherein the verifier processor can only be paused for a predetermined time.

8. A semiconductor integrated circuit according to claim 1 wherein if the application codes does not satisfy the verification function, a reset signal is asserted after a predetermined time.

9. A semiconductor integrated circuit according to claim 8 wherein a status signal is set and stored to indicate that the code does not satisfy the verification function before the reset is asserted.

10. A semiconductor integrated circuit according to claim 1 wherein the verification function includes a hash function on the application code.

11. A semiconductor integrated circuit according to claim 1 wherein the verifier processor is arranged to receive a stored secret from the memory and the verification function is a comparison of the secret and the processed application code.

12. A semiconductor integrated circuit according to claim 1 wherein the verification function comprises hashing the application code to produce hashed code, retrieving a signature of the code from a signature store within the memory and verifying the hashed code and signature using a public key.

13. A semiconductor integrated circuit according to claim 1 wherein the verifier processor has a stop input and is arranged to restart a given time period after a stop, and arranged not to stop again until completing the verification function on the code at least once.

14. A semiconductor integrated circuit according to claim 1 wherein the verifier processor requests portions application code from the flash memory at intervals between requests by the processor for portions of the application code.

15. A semiconductor integrated circuit according to claim 14 wherein the verifier processor requests portions of application code less frequent intervals than the processor.

16. A semiconductor integrated circuit according to claim 14 wherein the verifier processor is arranged to request portions of application code at pseudo random times.

17. A semiconductor integrated circuit according to claim 14 wherein the verifier processor is arranged to carry out read requests at a faster rate during a first check than in subsequent checks.

18. A semiconductor integrated circuit according to claim 1 wherein impairing the function of the integrated circuit comprises resetting the circuit.

19. A semiconductor integrated circuit arranged to execute application code received from an external memory via an external connection, comprising:  
a processor for executing the application code from the memory;  
an internal bus within the integrated circuit and connected to the processor to provide the application code to the processor from the external connections; and

a verifier processor arranged to receive the application code via the internal bus, wherein the verifier processor is structured to process the application code using a verification function while the processor executes from the memory and to impede the execution of the integrated circuit if the application code does not satisfy the verification function.

20. The circuit of claim 19, further comprising an instruction monitor connected to internal bus and structured to monitor code requests issued by the processor and to impair the execution of the circuit unless the address of the code falls within a given range.

21. The circuit of claim 20 wherein the given range is derived by the verifier processor during a check of the memory.

22. The circuit of claim 20 wherein the code in memory is accessed by a linked list and the given range is stored in a table of linked list addresses.

23. The circuit of claim 19 wherein the verification processor is structured to impair the execution of the circuit by asserting a reset signal to the processor if the application codes does not satisfy the verification function within a predetermined time.

24. The circuit of claim 19 wherein the verification processor includes:  
an internal processor that coordinates the processing of the application using the verification function and impairs the execution of the integrated circuit if the application code does not satisfy the verification function;  
a code memory, coupled to the internal processor, that stores code for controlling the internal processor to process the application code and impair the

execution of the integrated circuit if the application code does not satisfy the verification function; and

an interface circuit that connects the internal processor with the internal bus.

25. A memory system, comprising:

a non-volatile memory that stores application code; and  
a semiconductor integrated circuit arranged to execute the application code received from the non-volatile memory via an external connection, the integrated circuit including:

a processor for executing the application code from the memory;  
an internal bus within the integrated circuit and connected to the processor to provide the application code to the processor from the external connections; and

a verifier processor arranged to receive the application code via the internal bus, wherein the verifier processor is structured to process the application code using a verification function while the processor executes from the memory and to render the memory system wholly or partly unusable if the application code does not satisfy the verification function.

26. The memory system of claim 25, wherein the integrated circuit further includes an instruction monitor connected to internal bus and structured to monitor code requests issued by the processor and to impair the execution of the circuit unless the address of the code falls within a given range.

27. The memory system of claim 26 wherein the given range is derived by the verifier processor during a check of the memory.

28. The memory system of claim 26 wherein the non-volatile memory includes a linked list for accessing the application code and the given range is stored in an internal memory of the integrated circuit as a table of linked list addresses.

29. The memory system of claim 25 wherein the verification processor is structured to impair the execution of the circuit by asserting a reset signal to the processor if the application codes does not satisfy the verification function within a predetermined time.

30. The memory system of claim 25 wherein the verification processor includes:

an internal processor that coordinates the processing of the application using the verification function and impairs the execution of the integrated circuit if the application code does not satisfy the verification function;

a code memory, coupled to the internal processor, that stores code for controlling the internal processor to process the application code and impair the execution of the integrated circuit if the application code does not satisfy the verification function; and

an interface circuit that connects the internal processor with the internal bus.